fedora-infrastructure

Clone
Source Code
GIT

#7005 Can not ssh to pagure
Closed: Fixed 5 years ago Opened 5 years ago by mreynolds.

Closed: Fixed
Reopen Issue

I just had to reinstall laptop from scratch (Fedora 28), andI restored my home directory from a backup. After doing so I was getting this error trying to access my repo

[mareynol@localhost 389-ds-base]$ git pull
sign_and_send_pubkey: signing failed: agent refused operation
git@pagure.io: Permission denied (publickey).
fatal: Could not read from remote repository.

So I regenerated my fedora ssh keys and uploaded the public keys to my FAS account and to my Pagure account, but I still get the same errors. Here is a little more debug info:

```
[mareynol@localhost 389-ds-base]$ ssh -vvv git@pagure.io
OpenSSH_7.7p1, OpenSSL 1.1.0h-fips 27 Mar 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for
debug2: resolving "pagure.io" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to pagure.io [2605:bc80:3010:600:dead:beef:cafe:fed8] port 22.
debug1: Connection established.
debug1: identity file /home/mareynol/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to pagure.io:22 as 'git'
debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from pagure.io
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-rsa-cert-v01@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa-cert-v01@openssh.com
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host certificate: ssh-rsa-cert-v01@openssh.com SHA256:Gddkd5H7oQ1RaK8WgXSKl7JZP+FgLyidmxbLercJ/JY, serial 1502813437 ID "pagure01.fedoraproject.org" CA ssh-rsa SHA256:IPuhCSNXqj4m2eq6UKYE1jHFglLgLCbBzINft+OxUMA valid from 2017-08-15T11:10:41 to 2018-08-14T12:10:41
debug2: Server host certificate hostname: pagure.io
debug2: Server host certificate hostname: pagure01.fedoraproject.org
debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from pagure.io
debug1: No matching CA found. Retry with plain key
debug1: Host 'pagure.io' is known and matches the RSA host key.
debug1: Found key in /home/mareynol/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /home/mareynol/.ssh/id_rsa (0x55bc05eeee00), agent
debug2: key: mareynol@redhat.com (0x55bc05ef2130), agent
debug2: key: /home/mareynol/.ssh/id_dsa ((nil))
debug2: key: /home/mareynol/.ssh/id_ecdsa ((nil))
debug2: key: /home/mareynol/.ssh/id_ed25519 ((nil))
debug2: key: /home/mareynol/.ssh/id_xmss ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:############my HASH 1 ################### /home/mareynol/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Offering public key: RSA SHA256:############my HASH 2 ################### mareynol@redhat.com
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:############my HASH 2 ###################
debug3: sign_and_send_pubkey: RSA SHA256:############my HASH 2 ###################
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Trying private key: /home/mareynol/.ssh/id_dsa
debug3: no such identity: /home/mareynol/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/mareynol/.ssh/id_ecdsa
debug3: no such identity: /home/mareynol/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/mareynol/.ssh/id_ed25519
debug3: no such identity: /home/mareynol/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/mareynol/.ssh/id_xmss
debug3: no such identity: /home/mareynol/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
git@pagure.io: Permission denied (publickey).

Please make sure you have the correct access rights
and the repository exists.
[mareynol@localhost 389-ds-base]$ ssh -vvv git@pagure.io
OpenSSH_7.7p1, OpenSSL 1.1.0h-fips 27 Mar 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for
debug2: resolving "pagure.io" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to pagure.io [2605:bc80:3010:600:dead:beef:cafe:fed8] port 22.
debug1: Connection established.
debug1: identity file /home/mareynol/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to pagure.io:22 as 'git'
debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from pagure.io
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-rsa-cert-v01@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa-cert-v01@openssh.com
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host certificate: ssh-rsa-cert-v01@openssh.com SHA256:Gddkd5H7oQ1RaK8WgXSKl7JZP+FgLyidmxbLercJ/JY, serial 1502813437 ID "pagure01.fedoraproject.org" CA ssh-rsa SHA256:IPuhCSNXqj4m2eq6UKYE1jHFglLgLCbBzINft+OxUMA valid from 2017-08-15T11:10:41 to 2018-08-14T12:10:41
debug2: Server host certificate hostname: pagure.io
debug2: Server host certificate hostname: pagure01.fedoraproject.org
debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from pagure.io
debug1: No matching CA found. Retry with plain key
debug1: Host 'pagure.io' is known and matches the RSA host key.
debug1: Found key in /home/mareynol/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug2: key: /home/mareynol/.ssh/id_rsa (0x55bc05eeee00), agent
debug2: key: mareynol@redhat.com (0x55bc05ef2130), agent
debug2: key: /home/mareynol/.ssh/id_dsa ((nil))
debug2: key: /home/mareynol/.ssh/id_ecdsa ((nil))
debug2: key: /home/mareynol/.ssh/id_ed25519 ((nil))
debug2: key: /home/mareynol/.ssh/id_xmss ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:B48YhpA0OfEnUOnxNuLk1ZHh9BpWUWM33HoBnm55jU0 /home/mareynol/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Offering public key: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 mareynol@redhat.com
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4
debug3: sign_and_send_pubkey: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Trying private key: /home/mareynol/.ssh/id_dsa
debug3: no such identity: /home/mareynol/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/mareynol/.ssh/id_ecdsa
debug3: no such identity: /home/mareynol/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/mareynol/.ssh/id_ed25519
debug3: no such identity: /home/mareynol/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/mareynol/.ssh/id_xmss
debug3: no such identity: /home/mareynol/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
git@pagure.io: Permission denied (publickey).
```

So, you have " sign_and_send_pubkey: signing failed: agent refused operation". This is an issue with your SSH agent where it is basically first offering the key, but upon being asked to prove ownership, refuses.
Could you try with SSH_AUTH_SOCK= ssh -vvv git@pagure.io to bypass the agent and determine if it's a bug in e.g. gnome-keyring-daemon? (I've seen it refuse to sign often enough when you get a new key until it's restarted)
Edited 5 years ago by puiterwijk

I did restart my laptop (still fails), and here is new the output:

$ SSH_AUTH_SOCK= ssh -vvv git@pagure.io
OpenSSH_7.7p1, OpenSSL 1.1.0h-fips 27 Mar 2018
debug1: Reading configuration data /etc/ssh/ssh_config
debug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0
debug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf
debug3: /etc/ssh/ssh_config.d/05-redhat.conf line 2: Including file /etc/crypto-policies/back-ends/openssh.config depth 1
debug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config
debug3: gss kex names ok: [gss-gex-sha1-,gss-group14-sha1-]
debug3: kex names ok: [curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]
debug1: /etc/ssh/ssh_config.d/05-redhat.conf line 8: Applying options for
debug2: resolving "pagure.io" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to pagure.io [2605:bc80:3010:600:dead:beef:cafe:fed8] port 22.
debug1: Connection established.
debug1: identity file /home/mareynol/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_ed25519-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_xmss type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/mareynol/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.7
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to pagure.io:22 as 'git'
debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from pagure.io
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: ciphers stoc: aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
debug2: MACs ctos: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: MACs stoc: hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ssh-rsa-cert-v01@openssh.com
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-rsa-cert-v01@openssh.com
debug1: kex: server->client cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: aes256-gcm@openssh.com MAC: <implicit> compression: none
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug1: kex: curve25519-sha256@libssh.org need=32 dh_need=32
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host certificate: ssh-rsa-cert-v01@openssh.com SHA256:Gddkd5H7oQ1RaK8WgXSKl7JZP+FgLyidmxbLercJ/JY, serial 1502813437 ID "pagure01.fedoraproject.org" CA ssh-rsa SHA256:IPuhCSNXqj4m2eq6UKYE1jHFglLgLCbBzINft+OxUMA valid from 2017-08-15T11:10:41 to 2018-08-14T12:10:41
debug2: Server host certificate hostname: pagure.io
debug2: Server host certificate hostname: pagure01.fedoraproject.org
debug3: hostkeys_foreach: reading file "/home/mareynol/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /home/mareynol/.ssh/known_hosts:1
debug3: load_hostkeys: loaded 1 keys from pagure.io
debug1: No matching CA found. Retry with plain key
debug1: Host 'pagure.io' is known and matches the RSA host key.
debug1: Found key in /home/mareynol/.ssh/known_hosts:1
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 4294967296 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: Connection refused
debug2: key: /home/mareynol/.ssh/id_rsa (0x561c1b082dc0)
debug2: key: /home/mareynol/.ssh/id_dsa ((nil))
debug2: key: /home/mareynol/.ssh/id_ecdsa ((nil))
debug2: key: /home/mareynol/.ssh/id_ed25519 ((nil))
debug2: key: /home/mareynol/.ssh/id_xmss ((nil))
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA SHA256:B48YhpA0OfEnUOnxNuLk1ZHh9BpWUWM33HoBnm55jU0 /home/mareynol/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/mareynol/.ssh/id_dsa
debug3: no such identity: /home/mareynol/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /home/mareynol/.ssh/id_ecdsa
debug3: no such identity: /home/mareynol/.ssh/id_ecdsa: No such file or directory
debug1: Trying private key: /home/mareynol/.ssh/id_ed25519
debug3: no such identity: /home/mareynol/.ssh/id_ed25519: No such file or directory
debug1: Trying private key: /home/mareynol/.ssh/id_xmss
debug3: no such identity: /home/mareynol/.ssh/id_xmss: No such file or directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
git@pagure.io: Permission denied (publickey).

I don't see it mentioning: /.ssh/id_rsa_fedora, only my RedHat Key "id_rsa"

The server has the key with fingerprint SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4, but your client is no longer sending this without agent.
Try this: SSH_AUTH_SOCK= ssh -vvv git@pagure.io -o IdentityFile=~/.ssh/id_rsa_fedora.

If that works, you want to add an .ssh/config entry with an IdentityFile option.

...
...
debug1: Offering public key: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 /home/mareynol/.ssh/id_rsa_fedora
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4
debug3: sign_and_send_pubkey: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/mareynol/.ssh/id_rsa_fedora' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/home/mareynol/.ssh/id_rsa_fedora": bad permissions
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
git@pagure.io: Permission denied (publickey).

What are the ideal permissions to set on my public key?

...
...
debug1: Offering public key: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4 /home/mareynol/.ssh/id_rsa_fedora
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4
debug3: sign_and_send_pubkey: RSA SHA256:43p0z/oO9SABW/xkBLTlkJ50EE7GYSTeOy8IKp5cjp4
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/mareynol/.ssh/id_rsa_fedora' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/home/mareynol/.ssh/id_rsa_fedora": bad permissions
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
git@pagure.io: Permission denied (publickey).
What are the ideal permissions to set on my public key?

Public key permissions don't matter.
Private key permissions must be 0600 and owned by your user (well, technically 0400 would work too, but at least it needs to be 0x00, so go-rwx).

Also, I'm wondering if gnome-keyring-daemon enforces this too but just doesn't log about it.
Edited 5 years ago by puiterwijk

Now it all works after changing the permissions. Thanks!!!!!

No problem at all. Let us know if we can help with anything else.

Metadata Update from @puiterwijk:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
5 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
Needs Review
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.